Increase MinimalPasswordLength to 8 for several local and global groups
Closed, Resolved, Public

Description

Per https://en.wikipedia.org/wiki/Wikipedia:Security_review_RfC, it seems like the admins mostly all agree to "Length increase to 8 bytes".

Initially, we will not set a minimum password length to log in (which prevents logins for accounts with shorter passwords), so users in these groups, if they have a password shorter than 8, will still be logged in, but will be prompted to change their password every time they log in.
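The two thresholds described above, as an added example that is not part of the task or of MediaWiki's code: a simplified Python model in which `MinimalPasswordLength` only triggers a change prompt while `MinimumPasswordLengthToLogin` blocks the login. The default values, the "strictest value wins" merge across groups, the byte-length check and the function names are assumptions of this model.

```python
# Simplified model of the two thresholds in this task; not MediaWiki code.
# Group names come from the task; default values are constructed for illustration.
DEFAULT = {"MinimalPasswordLength": 1, "MinimumPasswordLengthToLogin": 1}

# Stage described in the task: raise only MinimalPasswordLength for these groups.
GROUP_POLICIES = {
    "sysop": {"MinimalPasswordLength": 8},
    "bureaucrat": {"MinimalPasswordLength": 8},
}


def effective_policy(groups, policies=GROUP_POLICIES):
    """Merge per-group settings; assumption: the largest value wins."""
    policy = dict(DEFAULT)
    for group in groups:
        for key, value in policies.get(group, {}).items():
            policy[key] = max(policy[key], value)
    return policy


def login_outcome(password, groups, policies=GROUP_POLICIES):
    """Return 'deny', 'prompt_change' or 'ok' for an otherwise correct password."""
    policy = effective_policy(groups, policies)
    length = len(password.encode("utf-8"))  # the RfC wording is "8 bytes"
    if length < policy["MinimumPasswordLengthToLogin"]:
        return "deny"           # account cannot log in until the password is reset
    if length < policy["MinimalPasswordLength"]:
        return "prompt_change"  # login succeeds, user is asked to change it
    return "ok"


if __name__ == "__main__":
    # Constructed sample accounts: (password, groups)
    samples = [("abc123", ["sysop"]), ("abc123", []), ("correct horse", ["sysop"])]
    for password, groups in samples:
        print(groups, len(password), login_outcome(password, groups))
```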

Event Timeline

csteipp claimed this task.
csteipp raised the priority of this task from to High.
csteipp updated the task description.
csteipp changed the visibility from "Public (No Login Required)" to "Custom Policy".
csteipp changed the edit policy from "All Users" to "Custom Policy".
csteipp added subscribers: Krenair, Jalexander, csteipp, Matanya.
csteipp renamed this task from "Increase MinimalPasswordLength for enwiki sysops to 8" to "Increase MinimalPasswordLength to 8 for local enwiki groups: sysops, bureaucrat, steward, and founder". Dec 11 2015, 2:08 AM
csteipp updated the task description.
csteipp changed the visibility from "Custom Policy" to "Public (No Login Required)".
csteipp changed the edit policy from "Custom Policy" to "All Users".
csteipp set Security to None.

steward and founder are of course global groups. (T104371)

There is a local 'steward' and 'founder' group as well, although it looks like steward has no members, and founder only has one user, predictably.

The global stewards have agreed to raise their policy as well.

local steward is used to get around T14518

Bawolff renamed this task from "Increase MinimalPasswordLength to 8 for local enwiki groups: sysops, bureaucrat, steward, and founder" to "Increase MinimalPasswordLength to 8 for several local and global groups". Jan 22 2016, 11:32 AM

Change 272660 had a related patch set uploaded (by CSteipp):
Password policies for advanced permission groups

https://gerrit.wikimedia.org/r/272660

Change 276518 had a related patch set uploaded (by CSteipp):
Enforce password policies on labs

https://gerrit.wikimedia.org/r/276518

Change 251678 abandoned by CSteipp:
Set password policy for enwiki sysops

Reason:
Doing I9bf79e16d61b6e7aca89cd7bd05a8ce65685a8c2 instead

https://gerrit.wikimedia.org/r/251678

Change 272660 merged by jenkins-bot:
Password policies for advanced permission groups

https://gerrit.wikimedia.org/r/272660

With https://gerrit.wikimedia.org/r/272660, this is now enforced on all SUL sites

Change 276518 abandoned by Reedy:
Enforce password policies on labs

Reason:
Dupe of productions, config already applied on beta

https://gerrit.wikimedia.org/r/276518